X-Frame-Options Header

Yellowfin FAQ shared this problem 23 months ago

I've received a finding that Yellowfin isn't using X-Frame-Options: DENY in the HTTP Headers.

Comments (1)


This can be resolved at the Tomcat level by implementing HTTP Header Security (Tomcat 8+). Simply add the following to <YellowfinInstall>/appserver/webapps/ROOT/WEB-INF/web.xml inside the <web-app> tag:


Where $optionHere will signify one of DENY, SAMEORIGIN or ALLOW-FROM, as documented in the Tomcat Configuration docs.

- Ryan
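
The filter definition the reply refers to did not survive on this page. As an added example (not part of the original reply or of Yellowfin's own documentation), this is how Tomcat's HttpHeaderSecurityFilter can be declared in web.xml to emit X-Frame-Options; the filter name httpHeaderSecurity, the /* mapping and the example.com URI are assumptions.

```xml
<!-- Added example: place inside the <web-app> element of WEB-INF/web.xml. -->
<filter>
    <!-- Filter name is an assumption; any name unique within web.xml works. -->
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <!-- Turns on the X-Frame-Options response header. -->
        <param-name>antiClickJackingEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <!-- One of DENY, SAMEORIGIN, ALLOW-FROM. DENY matches the finding. -->
        <param-name>antiClickJackingOption</param-name>
        <param-value>DENY</param-value>
    </init-param>
    <!-- Needed only with ALLOW-FROM, which current browsers ignore.
         The URI below is a constructed placeholder.
    <init-param>
        <param-name>antiClickJackingUri</param-name>
        <param-value>https://portal.example.com</param-value>
    </init-param>
    -->
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <!-- Mapping to every URL is an assumption; narrow it if some paths must be framed. -->
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

DENY blocks all framing, including framing by pages on the same origin, so SAMEORIGIN is the option to use if the application embeds its own pages in frames. After restarting Tomcat, inspect the response headers of a page request to confirm that X-Frame-Options is present with the expected value.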